diff --git a/configure.ac b/configure.ac index aa380d78f..298b4be1b 100644 --- a/configure.ac +++ b/configure.ac @@ -4282,6 +4282,13 @@ then ENABLED_CERTREQ="yes" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ" fi + + # Requires CRL + if test "x$ENABLED_CRL" = "xno" + then + ENABLED_CRL="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" + fi fi # MD4 diff --git a/src/ssl.c b/src/ssl.c index 0b5618263..549ffcff9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -23454,9 +23454,6 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag) ret = wolfSSL_CertManagerEnableCRL(store->cm, (int)flag); } - (void)store; - (void)flag; - return ret; } @@ -26015,6 +26012,41 @@ WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a) } #endif +WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, + const unsigned char **der, + long length) +{ + const unsigned char *d; + long len; + int tag, class; + WOLFSSL_ASN1_OBJECT* ret = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT"); + + if (!der || !*der || length <= 0) { + WOLFSSL_MSG("Bad parameter"); + return NULL; + } + + d = *der; + + if (wolfSSL_ASN1_get_object(&d, &len, &tag, &class, length) & 0x80) { + WOLFSSL_MSG("wolfSSL_ASN1_get_object error"); + return NULL; + } + /* d now points to value */ + + if (tag != ASN_OBJECT_ID) { + WOLFSSL_MSG("Not an ASN object"); + return NULL; + } + + ret = wolfSSL_c2i_ASN1_OBJECT(a, &d, len); + if (ret) + *der = d; + return ret; +} + /** * Parse an ASN1 encoded input and output information about the parsed object * @param in ASN1 encoded data. *in is moved to the value of the ASN1 object 
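Review bot: The added block in configure.ac flips `ENABLED_CRL` to `yes` without telling the user, and `xno` is what it reads both when CRL was left at its default and when `--disable-crl` was passed explicitly, so an explicit opt-out is silently overridden. A forced dependency should be announced: add `AC_MSG_WARN([enabling CRL support, required by this option])` ahead of `ENABLED_CRL="yes"`, or fail with `AC_MSG_ERROR` if the combination is not meant to be allowed. The enclosing `if` that this sits inside starts before the hunk, so the option that actually requires CRL is not visible here; the `# Requires CRL` comment should name it so the next reader does not have to find the outer condition.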
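Review bot: In `wolfSSL_d2i_ASN1_OBJECT` the content length `len` returned by `wolfSSL_ASN1_get_object` is handed straight to `wolfSSL_c2i_ASN1_OBJECT`, which copies `len` bytes from `d`, and nothing in this hunk checks that `len` still fits inside the `length` bytes the caller supplied. If `wolfSSL_ASN1_get_object` does not already set the `0x80` error bit when the encoded length exceeds the remaining input (its body is outside this hunk, so I cannot confirm), a DER blob with an oversized length field drives the `XMEMCPY` in c2i past the caller's buffer. A local guard makes the function safe regardless of that helper's behaviour: `if (len > length - (long)(d - *der)) { WOLFSSL_MSG("OID length exceeds input"); return NULL; }` placed right after the tag check. The `/* d now points to value */` comment would be a good place to also state that `len` has been bounds-checked against `length`.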
@@ -26066,20 +26098,40 @@ int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag, return ret; } -#ifndef NO_WOLFSSL_STUB WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, const unsigned char **pp, long len) { - (void)a; - (void)pp; - (void)len; + WOLFSSL_ASN1_OBJECT* ret = NULL; WOLFSSL_ENTER("wolfSSL_c2i_ASN1_OBJECT"); - WOLFSSL_STUB("c2i_ASN1_OBJECT"); - return NULL; + if (!pp || !*pp || len <= 0) { + WOLFSSL_MSG("Bad parameter"); + return NULL; + } + + if (!(ret = wolfSSL_ASN1_OBJECT_new())) { + WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error"); + return NULL; + } + + ret->obj = (const unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + if (!ret->obj) { + WOLFSSL_MSG("error allocating asn data memory"); + wolfSSL_ASN1_OBJECT_free(ret); + return NULL; + } + + XMEMCPY((byte*)ret->obj, *pp, len); + ret->objSz = len; + ret->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; + + *pp += len; + + if (a) + *a = ret; + return ret; } -#endif #ifndef NO_BIO /* Return number of bytes written to BIO on success. 0 on failure. */ @@ -48362,8 +48414,10 @@ PKCS7* wolfSSL_PKCS7_new(void) ret = wc_PKCS7_Init(&pkcs7->pkcs7, NULL, INVALID_DEVID); } - if (ret != 0 && pkcs7 != NULL) + if (ret != 0 && pkcs7 != NULL) { XFREE(pkcs7, NULL, DYNAMIC_TYPE_PKCS7); + pkcs7 = NULL; + } return (PKCS7*)pkcs7; } @@ -48398,6 +48452,8 @@ void wolfSSL_PKCS7_free(PKCS7* pkcs7) if (p7->data != NULL) XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7); wc_PKCS7_Free(&p7->pkcs7); + if (p7->certs) + wolfSSL_sk_free(p7->certs); XFREE(p7, NULL, DYNAMIC_TYPE_PKCS7); } } @@ -48549,6 +48605,11 @@ int wolfSSL_PKCS7_encode_certs(PKCS7* pkcs7, WOLFSSL_STACK* certs, #endif /* !NO_BIO */ +WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* p7) +{ + +} + WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs, int flags) { diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 7c6a52824..ea6f7e294 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h 
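Review bot: `wolfSSL_c2i_ASN1_OBJECT` ends with `if (a) *a = ret;`, which overwrites whatever `*a` already pointed at; under the OpenSSL `c2i`/`d2i` contract a caller may pass a non-NULL `*a` expecting it to be reused or released, so any such caller now leaks the previous object. The smallest fix is to release it before the assignment: `if (a) { if (*a) wolfSSL_ASN1_OBJECT_free(*a); *a = ret; }`. Separately, the content octets are copied verbatim with no check that they form a valid OID encoding (for instance that the final subidentifier byte has its high bit clear), so malformed input is accepted and only surfaces later in whatever consumes `ret->obj`; if the project intends parity with OpenSSL, which rejects such input, a validation pass before the `XMALLOC` is warranted. `ret->objSz = len;` also narrows a `long` into the struct field whose type is not visible here; worth confirming it is wide enough or adding a range check.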
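Review bot: The new `if (p7->certs) wolfSSL_sk_free(p7->certs);` in `wolfSSL_PKCS7_free` relies on the freshly added `certs` member being NULL for every object that never set it, but the hunk for `wolfSSL_PKCS7_new` does not show the allocation, so I cannot confirm the struct is zeroed; if it is an `XMALLOC` without an `XMEMSET`, this reads an indeterminate pointer and frees garbage. Please verify that `wolfSSL_PKCS7_new` zero-initialises the object (or explicitly sets `pkcs7->certs = NULL`). Also, if `wolfSSL_sk_free` releases only the stack nodes and not the `WOLFSSL_X509` elements, certificates owned by this PKCS7 would still leak; whichever is intended, a comment on the field stating who owns the elements would settle it.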
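Review bot: `wolfSSL_PKCS7_to_stack` is added with a completely empty body, so a non-void function returns nothing: calling it is undefined behaviour, and the compiler will flag `-Wreturn-type` on every build. Either hold back the definition and its `wolfssl/openssl/pkcs7.h` prototype until the implementation lands, or make it an explicit stub consistent with the file's existing `WOLFSSL_STUB` pattern: `WOLFSSL_STUB("wolfSSL_PKCS7_to_stack"); (void)p7; return NULL;`. Given the new `certs` member introduced in the same commit, this presumably was meant to return `p7->certs`; if so, that is a one-line body, but the ownership of the returned stack then needs documenting.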
@@ -33,6 +33,7 @@ #define ASN1_STRING_free wolfSSL_ASN1_STRING_free #define ASN1_get_object wolfSSL_ASN1_get_object +#define d2i_ASN1_OBJECT wolfSSL_d2i_ASN1_OBJECT #define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT #define V_ASN1_INTEGER 0x02 diff --git a/wolfssl/openssl/pkcs7.h b/wolfssl/openssl/pkcs7.h index 368cfb3d5..ad096858a 100644 --- a/wolfssl/openssl/pkcs7.h +++ b/wolfssl/openssl/pkcs7.h @@ -43,6 +43,7 @@ typedef struct WOLFSSL_PKCS7 PKCS7 pkcs7; unsigned char* data; int len; + WOLFSSL_STACK* certs; } WOLFSSL_PKCS7; @@ -57,6 +58,7 @@ WOLFSSL_API int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs, WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, WOLFSSL_BIO* out, int flags); WOLFSSL_API int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs, WOLFSSL_BIO* out); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* p7); WOLFSSL_API WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7, WOLFSSL_STACK* certs, int flags); WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 2bda06002..e66ff85bf 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3942,6 +3942,9 @@ WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, con WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key); WOLFSSL_API int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key); WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); +WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, + const unsigned char **der, + long length); WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength));
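Review bot: The new `WOLFSSL_STACK* certs;` member in the public `WOLFSSL_PKCS7` struct carries no documentation, yet the same commit makes `wolfSSL_PKCS7_free` release it, so its ownership is now part of the API contract. Add a comment on the field such as `/* owned by this object; released by wolfSSL_PKCS7_free */` so callers know not to free or reuse the stack themselves. Since the struct is defined in an installed header, appending a member also changes its size for any application that allocates a `WOLFSSL_PKCS7` directly; if the project tracks ABI compatibility, that deserves a mention in the commit message.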